Candi's Cissp Domain 6

Front 1

What verifies that a control is functioning properly?

Back 1

Security tests

Front 2

What are comprehensive reviews of the security of a system?

Back 2

Security assessments

Front 3

What is the same as a security assessment, but is performed by an independent auditor?

Back 3

Security audits

Front 4

What is the most important maintenance activity for Information Security?

Back 4

Security assessment and testing

Front 5

True or False. Security assessments include security testing, like scans, pen testing and manual attempts to undermine security, plus a review of the threat environment and value of the system. They result in an assessment report given to management.

Back 5

True

Front 6

Whom are usually given the security audit reports?

Back 6

Board of Directors or the government

Front 7

Vulnerability assessments are some of the most important tools. Are they security testing tools or security assessment tools?

Back 7

Vulnerability assessments are security testing tools not security assessment tools.

Front 8

What automatically probes systems looking for weaknesses?

Back 8

Vulnerability scans

Front 9

What scans a range of IP addresses looking for systems with open network ports that are exposed through the network and server firewalls that lie on the network path between the scanner and the system?

Back 9

Network discovery scans

Front 10

What is half open scanning where a packet is sent to each scanned port with the SYN flag set? Open ports will add an ACK flag and the scanning report shows the ports and their flags.

Back 10

TCP SYN scanning

Front 11

What is it when a packet is sent with the FIN, PSH, and URG flags set?

Back 11

XMAS scanning. A packet with so many flags is said to be lit up like Christmas

Front 12

What TCP port number is a MSFT SQL server db port that should never be open?

Back 12

1433

Front 13

What TCP port is FTP?

Back 13

21

Front 14

What TCP port is SSH?

Back 14

22

Front 15

What TCP port is Telnet?

Back 15

23

Front 16

What TCP port is SMTP?

Back 16

25

Front 17

What TCP port is DNS (is used for HTTP)?

Back 17

80

Front 18

What TCP port is POP3?

Back 18

110

Front 19

What TCP port is HTTPS?

Back 19

443

Front 20

What is the most common tool used for network discovery? It is a free open source tool. It tells you if the port is Open, Closed, or Filtered (filtered is not able to determine if the port is open or closed due to the firewall interfering)

Back 20

nmap

Front 21

What goes deeper than discovery scans and not only detects open ports, but probes a targeted system for known vulnerabilities? They contain large db's of known vulnerabilities.

Back 21

Network vulnerability scans

Front 22

What uses special purpose tools to scan apps for known vulnerabilities? They discover flaws not visible to network vulnerability scanners.

Back 22

Web application vulnerability scans

Front 23

True or False. The PCI DSS (payment card industry data security standard) requires monthly scanning if Web apps do not have dedicated firewalls.

Back 23

False. They require annual scanning.

Front 24

What is the attempt to exploit systems to demonstrate the flaw?

Back 24

Penetration Testing

Front 25

What are the 6 steps of Penetration Testing?

Back 25

1. Perform reconnaissance to learn about the system

2. Run network discovery scans to id open ports

3. Run network vulnerability scan to id unpatched vulnerabilities

4. Run app vulnerability scan to id app flaws

5. Use exploit tools to automatically attempt to defeat the system

6. Manual probing and attack attempts

Front 26

What is a popular tool for a automatically exploiting a system? It runs a script that executes common attacks (hackers can use it too).

Back 26

Metasploit

Front 27

What are the 3 types of Penetration Tests?

Back 27

White box, gray box, black box

Front 28

What type of pen test is it where the tester has detailed information about the system to speed up the test?

Back 28

White box

Front 29

What type of pen test is it where the tester has partial knowledge of the system?

Back 29

Gray box

Front 30

What type of pen test is a full simulation of an attacker? The tester has no knowledge of the system ahead of time.

Back 30

Black box

Front 31

Which of these reasons are why you should test your software?

a. SW apps often have privileged access to the OS, HW and other resources

b. They routinely handle sensitive information

c. They rely on db's that also contain sensitive information

d. They are critical to the operations of the company. You don't want them to fail.

Back 31

All 4

Front 32

What is a common (albeit rigid) code review inspection process that follows: Planning > Overview > Preparation > Inspection > Rework > Follow Up

Back 32

Fagan

Front 33

What testing evaluates the security of SW by analyzing the source code or the compiled application?

Back 33

Static testing

Front 34

What testing evaluates the security of SW in a runtime environment?

Back 34

Dynamic testing

Front 35

What provides many different types of input to the SW to stress its limits and find flaws?

Back 35

Fuzz testing

Front 36

What Fuzz testing alters actual values (bit flipping)?

Back 36

Mutation Fuzzing (dumb)

Front 37

What Fuzz testing uses data models to create new fuzzed inputs based on understanding the data used in the SW?

Back 37

Generational Fuzzing (intelligent)

Front 38

What is a standardized way for code modules to interact and may be exposed via web services?

Back 38

API (application programming interface)

Front 39

What type of interface is mostly found in manipulating machinery? If they fail, they could impact the SW.

Back 39

Physical interface

Front 40

Because you cannot test for everything, what is the Test Coverage Analysis formula?

Back 40

Test Coverage equals Number of use cases tested divided by the Total number of use cases

Front 41

What security assessment and testing metrics should you monitor?

Back 41

Number of open vulnerabilities

Time to resolve vulnerabilities

Number of compromised accounts

Number of SW flaws detected in preproduction scanning

Repeat audit findings

User attempts to visit known malicious sites

Front 42

What testing method is used to design new sw tests and ensure the quality of tests?

Back 42

Mutation testing

It modifies a program in small ways & then tests the mutant to determine if it behaves as it should.

Front 43

What tool is best for scanning for web application & web server vulnerabilities?

Back 43

Nikto

Front 44

What message & event logging standard is commonly used by network and other enterprise devices?

Back 44

Syslog

Front 45

What type of SOC (service organization control) report verifies security, privacy and availability controls and is shared with a broad audience?

Back 45

SOC-3

SOC-2 is the same as SOC-3, but is only shared internally or with close partners.

SOC-1 reports on the internal controls over financial reporting

Front 46

What type of testing is used to ensure separately developed sw modules properly exchange data?

Back 46

Interface testing

Front 47

What type of network logging allows you to review traffic information between parts of your network?

Back 47

Flow logging

Front 48

These IP ranges are what type of addresses and can they be accessed outside the company they belong to?

10.0

172.16.0

192.168.0

Back 48

They are RFC 1918 addresses, which are allocated for private networks. They cannot be accessed from outside except by nacareous means.

Front 49

What can ensure consistent logging settings across systems?

Back 49

Group Policy

Front 50

Which scan would you use if you didn't have elevated privileges and needed to scan a system to verify open services, TCP connect scan or TCP SYN scan?

Back 50

TCP connect scan

Front 51

True or False. Passive scanning can help identify rogue devices?

Back 51

True

Front 52

What 4 code coverage criteria are commonly used when validating a code testing suite?

Back 52

Function, statement, branch, condition coverage

Front 53

Which interface is one not typically tested during sw testing, network interface or physical interface?

Back 53

Network interface

Front 54

What protocol handles vulnerability management data?

Back 54

SCAP (security content automation protocol)

Front 55

True or False. Exploiting vulnerabilities is not a hazard during pen testing.

Back 55

True. It is not a hazard, it is part of the process.

Front 56

What should happen right after a vulnerability is found by a scanner (do this before remediation)?

Back 56

Validate the issue exists

Front 57

What is a vulnerability scoring system that compares exploitability, impact, and how they can be remediated?

Back 57

CVSS Common Vulnerability Scoring System

Front 58

What type of vulnerability scan accesses system configuration information including OS details, services and missing patches?

Back 58

Authenticated scan

Uses read only access to system information so it can do a more thorough scan.

Front 59

Which of these will not help prevent the tampering of data: hashes, digital signatures, filtering, authorization controls?

Back 59

Filtering

Most effective against DoS attacks

Front 60

True or False. nmap only scans ports 1-1024 by default. Therefore it misses 64k ports.

Back 60

True

You can name more for it to scan, though

Front 61

What application threat modeling includes malicious users as well as descriptions like mitigates and threatens?

Back 61

Misuse case diagram

Front 62

CVE db's provide what type of data?

Back 62

Vulnerability information (not typically patching information. Patches come from other places)